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I claim: 

1 . A method for an administrator to restrict access to a device parameter over a 
distributed computer system, the steps comprising: 

5 specifying an address range associated with a data packet; 

generating at least one filter corresponding to the specified address range, wherein the 
filter includes, 

a reference address, 
an address mask, and 

10 an instruction representative of a desired action to be taken for a correlating 

address; 

receiving an incoming packet; 

comparing a source address of the incoming packet to the reference address to determine 
a correlating address; and 
15 executing the instruction representative of the desired action in accordance with the 

source address of the incoming packet. 

2. The method of claim 1, the comparing step further comprising: 
performing a bitwise AND operation between the source address and the address mask; 

20 performing a bitwise AND operation between the reference address and the address 

mask; and 

comparing the outcomes of the bitwise AND operations, wherein equal outcomes results 
in the correlating address, and wherein not equal outcomes results in an address outside the 
specified range. 

25 

3. The method of claim 1, wherein the desired action includes an instruction to block 
the incoming packet. 

4. The method of claim 3, further comprising the step of dropping the incoming 
30 packet with a source address inside the specified address range. 
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5. The method of claim 3, further comprising the step of allowing the incoming 
packet with a source address outside the specified address range. 

5 6. The method of claim 5, further comprising the step of processing the incoming 

packet with the source address outside the specified address range. 

7. The method of claim 1 , wherein the desired action includes an instruction to allow 
the incoming packet. 

8. The method of claim 7, further comprising the step of processing the incoming 

packet. 

9. The method of claim 7, further comprising the step of blocking the incoming 
15 packet with a source address outside the specified address range. 

10. The method of claim 9, further comprising the step of dropping the incoming 
packet with the source address outside the specified address range. 

20 11. The method of claim 1 , wherein the filter is incorporated inside an SNMP agent. 

12. The method of claim 1, wherein the source address and the reference address are 
an Internet Protocol address. 

25 1 3. A system for an administrator to restrict access to a device parameter over a 

distributed computer system, comprising: 

means adapted for specifying an address range associated with a data packet; 
means adapted for generating at least one filter corresponding to the specified address 
range, wherein the filter includes, 
30 a reference address, 

an address mask, and 
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an instruction representative of a desired action to be taken for a correlating 

address; 

means adapted for receiving an incoming packet; 

means adapted for comparing a source address of the incoming packet to the reference 
5 address to determine a correlating address; and 

means adapted for executing the instruction representative of the desired action in 
accordance with the source address of the incoming packet. 

14. The system of claim 13, the comparing step further comprising: 

10 means adapted for performing a bitwise AND operation between the source address and 

the address mask; 

means adapted for performing a bitwise AND operation between the reference address 
and the address mask; and 

means adapted for comparing the outcomes of the bitwise AND operations, wherein 
15 equal outcomes results in the correlating address, and wherein not equal outcomes results in an 
address outside the specified range. 

15. The system of claim 13, wherein the desired action includes an instruction to 
block the incoming packet. 

20 

16. The system of claim 15, further comprising means adapted for dropping the 
incoming packet with a source address inside the specified address range. 



17. The system of claim 15, further comprising means adapted for allowing the 
25 incoming packet with a source address outside the specified address range. 

18. The system of claim 17, further comprising means adapted for processing the 
incoming packet with the source address outside the specified address range. 

30 19. The system of claim 13, wherein the desired action includes an instruction to 

allow the incoming packet. 



15 



20. The system of claim 19, further comprising means adapted for processing the 
incoming packet. 

21. The system of claim 19, further comprising means adapted for blocking the 
incoming packet with a source address outside the specified address range. 

22. The system of claim 21 , further comprising means adapted for dropping the 
incoming packet with the source address outside the specified address range. 

23. The system of claim 13, wherein the filter is incorporated inside an SNMP agent. 

24. The system of claim 13, wherein the source address and the reference address are 
an Internet Protocol address. 
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